U.S. Health and Human Services Dept. Creates Program on Health Information Privacy and Security

April 5th, 2010

EKG screen

The U.S. health care community has increasingly been adopting the use of electronic medical records and other electronic health information systems, but serious concerns about the security and privacy of those systems have been raised. The U.S. Department of Health and Human Services has just announced an award of $15 million in research funding to help put those concerns to rest. The Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign is set to lead a multi-university consortium of researchers who intend to make the technologies involved in electronic health records, health information exchange, and telemedicine trustworthy enough to earn the confidence of doctors and patients. The ultimate goal of the project is to improve patient outcomes while limiting inappropriate access.

The research award, entitled “Strategic Healthcare Information Technology Advanced Research Projects on Security (SHARPS),” will result in the creation of the SHARPS Center for Health Information Privacy and Security within ITI, and will support research led by 20 senior researchers at the University of Illinois, the University of California at Berkeley, Carnegie Mellon University, Dartmouth College, Harvard Medical School, Johns Hopkins University, New York University, Northwestern Memorial Hospital, Stanford University, the University of Massachusetts Amherst, the University of Washington, and Vanderbilt University.

The SHARPS program’s lead investigator, Professor Carl A. Gunter of the Department of Computer Science and ITI at Illinois, explained the program’s motivation: “It is essential for patients and healthcare providers to have confidence in the information technologies on which modern healthcare is becoming increasingly reliant. SHARPS will address a key range of security and privacy barriers that currently limit the free exchange of data that can improve the quality, convenience, and efficient delivery of care. To accomplish this, SHARPS has assembled an elite multidisciplinary team of healthcare and cyber-security experts that is uniquely capable of carrying out an ambitious strategic program to bring security and privacy in health information technology to a new level of sophistication.”

SHARPS will focus on three health information environments -- electronic health records, health information exchange, and telemedicine -- that are becoming increasingly popular in spite of security concerns with their use.

Electronic health records, although already prevalent in most U.S. hospitals, are subject to risks that paper records are not, such as the physical ease with which a thief can carry away thousands of patients’ records on a USB stick in his pocket. Further, electronic records are vulnerable to Internet-based attacks if they are put online to increase accessibility.

Health information exchange plays a crucial role whenever patients and their healthcare providers are not in the same place -- for example, when a patient seeks emergency care while traveling far from home, or a patient’s primary care physician wishes to consult a specialist who is located at another institution in another state. However, such information exchange is greatly complicated by the fact that providers at different locations may be subject to different laws and institutional policies, and may face different security threat levels. Furthermore, multiple providers may be using different health information systems that are not compatible with each other.

Finally, telemedicine -- technologies that enable individuals to monitor and manage their health in settings outside hospitals -- is already being used to support a broad range of health and wellness goals, such as chronic disease management and independent aging. However, security and privacy risks have been a major barrier to adoption. Networked sensing devices collect sensitive personal information, from physiological data to information on patients’ activities and locations, and networked implanted devices expose patients to new risks, should adversaries find a way to control those devices.

Bruce Schneier, noted author and Chief Security Technology Officer of BT, praised the decision to establish the SHARPS program. “I believe in the SHARPS team. Their work will build technologies to make future health information systems more secure, accurate, and privacy-preserving,” he stated.

John D. Halamka, Chief Information Officer of Harvard Medical School and Beth Israel Deaconess Medical Center, also expressed the view that the SHARPS project is addressing critical problems, and has the expertise to make valuable contributions. “The advancement of security in healthcare information technology is an issue with far-reaching implications warranting immediate attention,” he said. “We need interoperable healthcare to ensure the right care is given to the right patients at the right time, but always protecting privacy. SHARPS has gathered an exceptionally capable team of innovators to tackle this important objective.”

About the Information Trust Institute (ITI)

The Information Trust Institute is a multidisciplinary cross-campus research unit housed in the College of Engineering at the University of Illinois at Urbana-Champaign. It is an international leader combining research and education with industrial outreach in trustworthy and secure information systems. ITI brings together over 100 faculty, many senior and graduate student researchers, and industry partners to conduct foundational and applied research to enable the creation of critical applications and cyber infrastructures. In doing so, ITI is creating computer systems, software, and networks that society can depend on to be trustworthy, that is, secure, dependable (reliable and available), correct, safe, private, and survivable. Instead of concentrating on narrow and focused technical solutions, ITI aims to create a new paradigm for designing trustworthy systems from the ground up and validating systems that are intended to be trustworthy. www.iti.illinois.edu